limiting login for particular purpose
dump at gmx.info
dump at gmx.info
Sun May 22 00:49:09 CEST 2016
Dear list.
I have the following scenario:
Access to a WLAN is granted by freeradius using MySQL as backend. For
administration purposes apache with php is running. Users are able to
change their passwords via a simple web page. The authentication is
performed via a php radius module and direct connection to the
inner-tunnel.
I want to add a small administration page and I want to use radius via
php too for authentication of the admin. But I want to ensure that the
administration account can only be used for login into the
administration section and not for login into the WiFi-net.
I don't want to use realms for this purpose. I thought using the
Auth-Type directive in the radcheck or radgroupcheck table and
forbidding EAP authentication could be a possibility. But I don't know
how to arrange this.
Does somebody have some hints or another possibility for achieving the
described above?
Jens
More information about the Freeradius-Users
mailing list